Popular Online Social Networks (OSNs), such as Facebook, Twitter, or LinkedIn, connect millions of people across the globe, allowing users to share information about themselves. OSN users are rarely aware of the amounts and types of data and metadata collected about them, or about the value of this data and the extent to which highly sensitive information could be extracted from analyzing it.
OSNs are centralized services that are owned and managed by single business entities. Most of them are capable of learning as much as possible about users such as their tastes, their habits, their spending patterns, or even their feelings and states of mind. These data do not only cover the information that users willingly share with their contacts but encompass information such as the times they are online or the locations from where they connect.
This massive collection and aggregation of different types of data about millions of individuals in the hands of a few centralized entities are considered as one of the most serious and fundamental threats to the right to privacy. Last week, a report by the federal Privacy Commissioner found that Facebook “broke the Canadian law and evaded its responsibility to protect the privacy of Canadians”.
One of the responses to mitigate this privacy dilemma inherent to the centralized model is to move to decentralized architectures by designing solutions that can provide similar online socializing functionality without the need of any one single central entity. One example consists of an architecture of multiple independent federated servers that provide the same OSN functionality, from which users can freely choose which to join and whom to trust. The second example consists of building peer-to-peer (P2P) networks of end users devices with direct one-to-one interactions between them.
In this paper, Leila Bahri from the Royal Institute of Technology in Stockholm (Sweden) and her colleagues from the Insubria University in Varese (Italy) set to compare and discuss the privacy challenges related to decentralizing online social networks (DOSNs). Their literature review focused on three main challenges regarding privacy: data storage, access rights and control management, and identity, fake accounts and fake content management.
In DOSNs, information is not only stored in one single central location that is managed by one single known and accountable entity but is rather dispersed across different peers of the P2P network. This data distribution among peers in the decentralized network creates a threat when it comes to online privacy management. Access control and rights management become the distributed responsibility of the different peers that store a user’s data. This management requires coordination and consensus agreement to maintain a secure state of the system. In the current scientific literature, access rights and control management for DOSNs have mainly been addressed using encryption based techniques despite the challenge of group membership management. Finally, in a DOSN, with the absence of a central authority, fake identities and malicious peers have more freedom to operate and infect the network without risking to be detected or removed, making this another challenge to ensuring privacy in the network.
Decentralization might appear as a solution to significant privacy issues in OSNs. However, it does not come free of new challenges and issues to privacy itself. Almost all research efforts on DOSNs have shown that building social networking functionality under a decentralized architecture opens up more technical challenges than what it theoretically promises to solve. Indeed, while decentralization solves the single aggregation and collection data point and the privacy concerns related to it, it also removes all the other protection mechanisms that were under the responsibility of the central provider such as content storage or access control management.
Cite: Bahri, L, Carminati, B., and Ferrari, E. (2018). Decentralized privacy preserving services for Online Social Networks. Online Social Networks and Media, 6, 18-25.